Security advisors have blamed sloppy work by programmers for the latest round of China-based hacker attacks on hundreds of thousands of websites.

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

"Web developers should heed secure development practices because a fully patched host may still be susceptible to attack if code was not properly checked for vulnerabilities," he said.

However, end-users have been advised to ensure they have the most recent security updates for all their applications and to use web-filtering software to protect their users.

Landesman said the latest SQL injection attacks are connected with two earlier attacks in October and December last year.

She said all the attacks targeted the UN and the same code was used, indicating that the same persons or group of people was behind the attacks.

Chenette said the precise size of this attack was difficult to quantify because malicious sites were continually moving, but he said the number of infected sites has started to decrease because of widespread awareness of the attack.

Microsoft said on the company's security response center's blog that the attacks were not related to any known security issues related to Microsoft's Internet Information Services (IIS) 6.0, Active Server Pages (ASP), ASP.Net or Microsoft SQL technologies.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy